How an iPhone Vulnerability Allowed Websites to Hack iOS Devices

MakeUseOf | 9/20/2019 | Georgina Torbet
Kota79Kota79 (Posted by) Level 4
Click For Photo: https://static.makeuseof.com/wp-content/uploads/2019/09/iphone-vulnerability-994x400.jpg

You may have heard about the discovery of a hack which targeted iPhone devices via websites for years. Google announced it had uncovered the issue as part of its Project Zero security analysis mission, and it showed how hackers could have accessed thousands of devices over a two year period.

So how were websites able to hack iPhones? And what should you do to keep yourself safe from these types of hack? We’ve got all the details you need to know.

Security - Issue - August - Google - Project

Here’s how the security issue worked, as revealed in August 2019 by Google Project Zero. Traditionally, people thought it was hard or even impossible to hack iOS devices as long as they weren’t jailbroken. To hack an iOS device requires knowledge of a “zero day vulnerability”.

This is a vulnerability which has not yet been disclosed to Apple or to the security community. As soon as Apple discovers a vulnerability, it patches it. This means that as soon as a vulnerability becomes widely known it is almost immediately fixed.

Case - Hacks - Websites - IPhones - Hackers

In the case of these hacks, however, websites were able to hack iPhones which visited them. The hackers achieved this using 14 different vulnerabilities, which were combined into five attack chains.

An “attack chain” is where several vulnerabilities are used in concert to attack a device. Any one of the vulnerabilities would not be enough to hack a device on its own, but together they can. All together, hackers could use the vulnerabilities together to install an “implant” onto a device which could run as root.

Operating - System - Security - Protocols - Level

That means it bypassed the operating system’s security protocols and had the highest possibly level of security privileges.

Just visiting one of these sites was enough to install a piece of monitoring software on your device. More concerningly, Google said it estimated that thousands of people visited the sites every week....
(Excerpt) Read more at: MakeUseOf
Wake Up To Breaking News!
The truth fairly and honestly presented, will be spun as a lie by a politician.
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!